Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for GVim by Vim

jvndb-2010-000051

Vulnerability from jvndb

Published

2010-11-01 18:51

Modified

2010-11-01 18:51

Severity ?

() - -

Summary

GVim may insecurely load dynamic libraries

Details

GVim may use unsafe methods for determining how to load DLLs. GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN27868039/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2010-23
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3914
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3914
	CERT-VN	http://www.kb.cert.org/vuls/id/707943
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA10-238A.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Vim

GVim

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000051.html",
  "dc:date": "2010-11-01T18:51+09:00",
  "dcterms:issued": "2010-11-01T18:51+09:00",
  "dcterms:modified": "2010-11-01T18:51+09:00",
  "description": "GVim may use unsafe methods for determining how to load DLLs.\r\n\r\nGVim is a text editor. GVim loads certain DLL\u0027s when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000051.html",
  "sec:cpe": {
    "#text": "cpe:/a:vim:gvim",
    "@product": "GVim",
    "@vendor": "Vim",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000051",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN27868039/index.html",
      "@id": "JVN#27868039",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
      "@id": "JVNTR-2010-23",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3914",
      "@id": "CVE-2010-3914",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3914",
      "@id": "CVE-2010-3914",
      "@source": "NVD"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/707943",
      "@id": "VU#707943",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
      "@id": "TA10-238A",
      "@source": "CERT-TA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "GVim may insecurely load dynamic libraries"
}